1. Field of Invention
The present invention relates to method of secure authentication or electrical payment utilizing a random ID verification method through a mobile communication tool.
2. Description of Related Arts
Conventional methods of secure access and electronic payment require highly sophisticate method and/or equipments, such as finger print, smart card, and/or other password based security/encryption to prevent ID forgery. Even with costly software and hardware investment they are still vulnerable to some technically or non-technically stealing methods.
The practice of saving the credit or debit card information into a mobile phone is just a change of carrying media of the sensitive information. It doesn't resolve the problem of proper authentication. There are varies of ways of stealing the sensitive card or account information plus the PIN code.
Traditional internet base login and payment methods are very vulnerable to many stealing/forgery practices: account number stealing, Trojan virus, wiretapping, phishing and etc. There's a great demand of a method that's practical, secure and low cost. The method presented in this invention satisfies all the criteria.
U.S. patent application Ser. No. 10/801,470 (Publication No.: 20050208891) presents a method of generating a pseudo-random code based on time slice on a server and the mobile phone. If the server generated code matches the one generated by the mobile phone, the user's authentication is approved. This method requires a special designed mobile phone with pseudo-random number generator built in. And the server needs to keep track of all of its subscribed mobile terminals' pseudo-random numbers, as each has different number based on the different seed received. This practice is timing sensitive, so the server needs to be synchronized to the mobile phone or the mobile network all the time. And it's very possible that the user would subscribe to multiple servers for different purpose. The mobile phone would have to have many different algorithms of time-varying pseudo-random number generator built in. And the user has to choose which algorithm to use when accessing different service. And as long as there's a fixed algorithm for all subscribed mobile user and a fixed seed for each user saved in the server and the mobile phone, the security is vulnerable to some theft activity.
U.S. patent application Ser. No. 10/934,740 (Publication No.: 20030005136) presents a method of using mobile phone to pay a charge. The user first dials the number of the payment transaction server to initiate a payment transaction. The payment server verifies the subscribed user's PIN, account balance and the subscribed merchant store account. If both accounts are verified and the balance is enough the transaction will be approved. This method only applies to a payment application. And the user needs to go through tedious multiple voice-prompts to provide not only his/her account and PIN, but the merchant store account number and amount of charge. It requires both the user and the merchant store subscribed to the same service provider otherwise it will be very hard for the service provider to locate the merchant's bank account. It may be applied to a small charge merchant like vending machine and parking meter. It may not be applicable to a supermarket, in which timing of charge processing is critical. And it is not suitable and convenient for an online shopping.
Another way of using mobile phone for the authentication is the authentication server request the mobile phone send back a confirmation back after reviewing the detail of the transaction request. This method does utilize the secure mobile wireless network. But it is not user friendly and always requires human intervening. It will be discussed in the detail description of preferred embodiment.